Release note / Piwigo 2.9.3

bug fixes (including security)

Download Piwigo 2.9.3

Released on February 26th, 2018


The list of major changes is described on Piwigo 2.9.0 release note

Bugs fixed



Bugs fixed

839 / Security

Piwigo v2.9.2 - SQL injection in administration panel

838 / Photos

[Batch Manager] delete "all set" produces an incorrect error message

826 / Security

SQL injection in configuration setting

825 / Security

SQL injection on Batch Manager, unit mode

824 / Technical

release builder failing under MacOS X

823 / Security

SQL injection in admin/users

822 / Security

use xss+csrf attack on configuration pages

735 / web API

ability to get an authentication key through API


Updated languages

Danish (Dansk)

German (Deutsch)


French (Français)

Italian (Italiano)

Lithuanian (Lietuvių)

Latvian (Latviešu)

Mongolian (Монгол хэл)

Norwegian Bokmål (bokmål)

Polish (Polski)

Brazilian Portuguese (Português Brasil)

Romanian (Română)

Russian (Русский)

Swedish (Svenska)

Thai (ภาษาไทย)

Ukrainian (Українська)

Vietnamese (Tiếng Việt)

Chinese (简体中文)


We recommend the automatic upgrade. If you're running version 2.2+, Piwigo will tell you which plugins may be not compatible with Piwigo 2.9 before upgrade.

If you're running Piwigo 2.9.x you can also download the archive that contains all new and modified files. Once you have extracted the files, transfer them onto your web server with a FTP client over your Piwigo 2.9.x installation. No database upgrade is required.

If you are running a version older than 2.9 and do not want to use the automatic upgrade, then follow the manual upgrade.